1. Technical Field
The present invention relates generally to managing user data within an enterprise computing environment.
2. Background of the Related Art
The diversity of application and data assets across an enterprise, combined with the complexity of their related legacy, client-server, web and service-oriented architectures, poses a daunting governance and risk management challenge. Managing the security risk and regulatory risk of inappropriate access to applications and information suggests the desirability of a strategic approach to access governance, e.g., one that is based on auditable business processes that enable line-of-business managers and information security, audit and compliance teams to collaborate while ensuring accountability, transparency and visibility. This has not been feasible in the prior art, however. In particular, while security and compliance teams define policies and controls based on business requirements and regulatory mandates, it is the line-of-business managers who understand how information assets need to be used and, in particular, who should have access to them.
The prior art does not provide acceptable solutions with respect to the problem of enabling an organization to gain enterprise-wide visibility into enterprise applications having compliance-related impacts.